Privacy Policy
01Who we are
The Herotime app and smartstopwatch.com are operated by blue media labs GmbH, Germany (registered at Amtsgericht Hannover, HRB 204968). For all matters concerning this policy, contact marco@bluemedialabs.com. Full company details are listed in the Legal Notice / Impressum.
02Two things, described separately
This policy covers two different products that handle data very differently: the Herotime iOS app and the smartstopwatch.com website. Sections 03–04 describe the app; section 05 describes the website. Where a service acts as our data processor, section 06 lists it.
03The app — data you create
Herotime is a standalone app. The athletes you create and the times you record are stored locally on your device. There are no user accounts and no sign-in, and we never upload or receive your timing data. When you delete an athlete or clear history, that data is removed from the app. Timing itself works entirely offline.
Sharing and export happen only when you choose: you pick the destination in the iOS Share Sheet (Messages, Mail, Files, and so on), and the CSV goes directly from your device to wherever you send it. From that point the destination's own privacy terms apply — we never see a copy.
The free trial and subscription are processed by Apple through the App Store under Apple's privacy policy; we receive only anonymized, aggregate statistics from Apple.
04The app — analytics & crash diagnostics
To understand how the app is used and to fix problems, Herotime collects anonymous usage and crash diagnostics through Google Firebase (Analytics and Crashlytics). Analytics records events such as "a timing was saved"; Crashlytics records crash and error diagnostics. This data carries no personal identifiers, is tied only to Firebase's automatic anonymous app-instance identifier, and is not used to identify you. We set no user ID, use no advertising identifier (IDFA), serve no ads, and do not track you across other apps or websites. Analytics and crash reporting run only in App Store builds; they are off in development builds.
The in-app survey is optional. If you take it, it opens on Typeform — anything you enter there, including an email address only if you choose to give one, is handled by Typeform under its own terms, not stored in the app. Sending feedback opens your own email app with a message you write and send yourself.
05The website
smartstopwatch.com uses Google Analytics 4 to understand how the site is used — but only after you grant consent through the cookie banner (Google Consent Mode v2). Without consent, no analytics cookies are set. You can change your choice at any time via the cookie icon in the corner of the page.
The site is hosted on Netlify; like every web host, Netlify processes technical connection data (such as IP addresses) to deliver the site securely. The support form and any notify-me signup are processed by Brevo on our behalf: we store your message and email address only to answer you, and add you to a mailing list only after explicit double opt-in, which you can revoke with one click in any email. Forms may be protected against abuse by Cloudflare Turnstile, which checks that a submission comes from a human without tracking you across sites.
06Processors and international transfers
We rely on the following processors: Apple (App Store, purchases), Google/Firebase (app analytics and crash diagnostics), Typeform (optional survey), Netlify (website hosting), Brevo (forms and email), and Cloudflare (form anti-abuse). Some of these process data outside the EU, including in the United States; such transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses and, where applicable, the EU–U.S. Data Privacy Framework.
07Legal basis for processing
Where we process personal data we rely on the following legal bases under the GDPR: legitimate interest (Art. 6(1)(f)) for anonymous analytics and crash diagnostics that help us improve the app and website, and for basic protection of our services against abuse; consent (Art. 6(1)(a)) where you actively give it, such as website analytics via the cookie banner, newsletter double opt-in, or the optional in-app survey; and performance of a contract or pre-contractual steps (Art. 6(1)(b)) when we answer your support requests. You can withdraw consent at any time with effect for the future.
08Data retention
Analytics and diagnostics data is retained according to Firebase's default retention periods (typically up to 14 months at user level, longer in aggregated form). Support emails and form messages are kept only as long as needed to handle your request, plus any statutory retention periods. Data you create in the app lives on your device and remains until you delete it or remove the app.
09Data security
We apply appropriate technical and organizational measures to protect the limited data we process, and we rely on established providers (Apple, Google, Netlify, Brevo, Cloudflare) that maintain their own security programs. Because the app works primarily on-device, the athletes and times you record are protected by your iPhone's own security.
10Children's privacy
Herotime is a tool for coaches and timekeepers and is not directed at children. We do not knowingly collect personal data from children. The app can of course be used to time young athletes, but the timing data stays on the operator's device and is not personal data we receive.
11California privacy rights (CCPA)
We do not sell or share personal information, and we do not use it for cross-context behavioral advertising. California residents have the right to know what personal information is collected and how it is used, to request its deletion, and to not be discriminated against for exercising these rights. To make a request, contact marco@bluemedialabs.com.
12Your rights
Under the GDPR you may request access to, correction of, or deletion of personal data we hold about you; you may request restriction of processing, data portability, and you may withdraw any consent at any time with effect for the future. Write to marco@bluemedialabs.com — we answer personally.
You also have the right to lodge a complaint with a supervisory authority. Ours is: Die Landesbeauftragte für den Datenschutz Niedersachsen, Prinzenstraße 5, 30159 Hannover, Germany.
13Changes to this policy
When this policy changes, the effective date above is updated and material changes are announced in the Journal. Continued use of the app or website after an update constitutes acceptance of the revised policy.